Media release

Cyber Smart for Business – Case Study 1

Police

Cyber Crime causes a Territory construction company significant financial hardship.

In a recent Cyber Crime case, a Territory construction business lost $130,000 to Business Email Compromise, or invoice fraud.

Company representative, Linda*, said:

“Businesses need to understand cybercrime and invoice fraud is a real risk for local companies.”

“Our computer systems were hacked and clients directed by the hacker to divert payments to a different bank account.”

“The cyberattack had a huge influence, not only on us, but also our clients. If we don’t get paid, we can’t pay our suppliers.  The significant financial hardship was passed on down through the trade flow.”

“The financial loss from cybercrime can be devastating to a business.  It can involve your whole supply chain payments being diverted and the money quickly transferred out of the country before you realise.” 

“I strongly encourage businesses to protect themselves against cybercrime.”

Commenting on this Cyber Crime, Acting Sergeant Jason Corbett of the NT Police Cyber Crime unit said, “This type of crime is preventable by implementing IT security controls and business payment process controls and the Cyber Smart Briefing will explain how you can implement this.”

Register your attendance at becybersmart.nt.gov.au

Event details:

Date: Wednesday 11 September 2019

Time: 11am to 12.30pm

Venue: Hilton Hotel Darwin, 32 Mitchell Street

Cost: Free

Note: For Case Study one.

  • Linda* is not a real name; no surname or business name is provided, at the request of the business.
  • Business email compromise (BEC) is an online scam where a cybercriminal impersonates a business representative to trick you, an employee, customer or vendor into transferring money or sensitive information to the scammer.

To begin, a cybercriminal impersonates a trusted person using an email address that appears to be legitimate (this is known as "masquerading"). To do this, they may use a username that is almost identical to the trusted person's name, or a domain that is almost identical to the name of the trusted person's company. Alternatively, they could replace the "from" or "reply-to" text with the trusted person's exact email address (this is called email "spoofing"), or they could even gain remote access to the trusted person's actual email account.

The cybercriminal then sends a legitimate-looking message to the target requesting money or sensitive information.

BEC usually takes one of four basic forms:

  • Executive fraud: The cybercriminal successfully imitates an executive's email address and then sends a message to staff in your business directing them to transfer funds to the scammer's account.
  • Legal impersonation: The cybercriminal masquerades as a lawyer or legal firm representative requesting payment for an urgent and sensitive matter.
  • Invoice fraud: The cybercriminal masquerades as a trusted supplier and sends a fake invoice to your business. In these scams, the cybercriminal often has control of the supplier's email account and can access legitimate invoices. The cybercriminal changes these invoices to include new bank account details and then sends the invoices to customers from the supplier's email account.
  • Data theft: Instead of requesting funds, a cybercriminal may masquerade as a trusted person to request sensitive information. This information can then also be used as part of a larger and more damaging scam.
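
The masquerading and spoofing techniques described above leave traces in an email's headers that a mail filter can check. The following is an added example, not part of the original release: the trusted address, the sample messages and the flag names are constructed, and it assumes the receiving mail server records its own DMARC verdict in an `Authentication-Results` header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of known supplier addresses (assumption).
TRUSTED = {"accounts@example-supplier.com.au"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def address(value):
    """Bare lower-cased address from a header value ('' if the header is absent)."""
    return parseaddr(value or "")[1].lower()

def bec_flags(raw, trusted=TRUSTED):
    """Return the list of BEC warning flags raised by one raw message."""
    msg = message_from_string(raw)
    sender, reply_to = address(msg["From"]), address(msg["Reply-To"])
    auth = (msg["Authentication-Results"] or "").lower()
    flags = []
    # Masquerading: username or domain almost identical to a trusted one.
    if sender not in trusted and any(edit_distance(sender, t) <= 2 for t in trusted):
        flags.append("lookalike-address")
    # Replies would go to a different mailbox than the visible sender.
    if reply_to and reply_to != sender:
        flags.append("reply-to-mismatch")
    # Spoofing: exact trusted address in From, but no DMARC pass recorded.
    if sender in trusted and "dmarc=pass" not in auth:
        flags.append("failed-authentication")
    return flags

# Constructed sample messages (not real mail).
LOOKALIKE = ("From: Accounts <accounts@examp1e-supplier.com.au>\n"
             "Subject: Updated bank details\n\nPlease use the new account.\n")
SPOOFED = ("From: accounts@example-supplier.com.au\n"
           "Reply-To: accounts@mail-box.example\n"
           "Authentication-Results: mx.example.net; dmarc=fail\n\nInvoice attached.\n")
LEGIT = ("From: accounts@example-supplier.com.au\n"
         "Authentication-Results: mx.example.net; dmarc=pass\n\nInvoice attached.\n")

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("legit", LEGIT)]:
        print(name, bec_flags(raw))
```

A message sent from a supplier's genuinely compromised account, as in the invoice fraud form, raises none of these flags, which is why changed bank details also need to be confirmed through the business payment process and not by email alone.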